EP3529736B1 - Providing and checking the validity of a virtual document - Google Patents


Info

Publication number: EP3529736B1
Authority: EP (European Patent Office)
Prior art keywords: computer system, database, identifier, virtual document, virtual
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: EP17783831.5A
Other languages: German (de), English (en)
Other versions: EP3529736A1 (fr)
Inventor: Olaf HORVATH
Current Assignee: Bundesdruckerei GmbH (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Bundesdruckerei GmbH
Application filed by Bundesdruckerei GmbH
Publication of EP3529736A1
Application granted
Publication of EP3529736B1

Classifications

    • G PHYSICS
      • G06 COMPUTING OR CALCULATING; COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/60 Protecting data
              • G06F21/602 Providing cryptographic facilities or services
              • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
                  • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
              • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
                • G06F21/645 Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F21/31 User authentication
                • G06F21/36 User authentication by graphic or iconic representation
        • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
          • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
            • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
              • G06K7/14 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
                • G06K7/1404 Methods for optical code recognition
                  • G06K7/1408 Methods for optical code recognition the method being specifically adapted for the type of code
                    • G06K7/1417 2D bar codes
        • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
          • G06Q20/00 Payment architectures, schemes or protocols
            • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
              • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
                • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
              • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
                • G06Q20/351 Virtual cards
              • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
                • G06Q20/367 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
                  • G06Q20/3674 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
            • G06Q20/38 Payment protocols; Details thereof
              • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
                • G06Q20/409 Device specific authentication in transaction processing
          • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
            • G06Q50/10 Services
              • G06Q50/18 Legal services
          • G06Q2220/00 Business processing using cryptography
            • G06Q2220/10 Usage protection of distributed data files
      • G07 CHECKING-DEVICES
        • G07F COIN-FREED OR LIKE APPARATUS
          • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
            • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
              • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
                • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
              • G07F7/12 Card verification
                • G07F7/122 Online card verification
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
              • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
              • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
                • H04L9/0637 Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
            • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L9/3215 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
              • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
                • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Definitions

  • the invention relates to a method for providing and checking the validity of a virtual document and to a system for carrying out the method.
  • the invention relates to a method for checking the validity of a virtual document provided by means of a mobile computer system, for example a smartphone.
  • the US 2014/279519 A1 describes a method for identifying a user for transactions, which comprises receiving an image of an identification document of the user during a first transaction with a first party, the image being obtained using an image acquisition module of a user device, receiving a device ID of the user device, an extract of identification data of the user from the image, a storage of the identification data of the user and the device ID of the user device on a server, the device ID being assigned to the identification data of the user, during a subsequent transaction with a second party, receiving the device ID of the user device, retrieving the identification data of the user based on the device ID and transmitting the retrieved identification data to the second party in order to identify the user for the subsequent transaction.
  • the invention is based on the object of creating a simple, efficient and secure method for checking the validity of a virtual document.
  • the object on which the invention is based is achieved in each case with the features of the independent patent claims. Embodiments of the invention are specified in the dependent claims.
  • Embodiments include a method for providing and checking the validity of a first virtual document on a first computer system and a corresponding computer system for carrying out the method.
  • the first virtual document is provided to the first computer system by means of a mobile second computer system.
  • the first virtual document is stored in a first database of a third computer system, a plurality of virtual documents being stored in the first database.
  • the first computer system comprises a first communication interface for contactless communication with the mobile second computer system and for communication with the third computer system via a network.
  • the first computer system further comprises a first display for displaying the first virtual document.
  • the first computer system has access to a cryptographically secured second database, which includes identifiers for pairings from computer systems and the virtual documents of the first database.
  • the identifiers of the second database include a first identifier of a first pairing from the mobile second computer system and the first virtual document.
  • Embodiments can have the advantage that the password-protected memory address of the first database, under which the first virtual document can be read, does not in itself include any personal data. This can therefore be publicly known without disclosing sensitive personal data of the user of the mobile second computer system. Neither the backup nor the transfer of the memory address must be subject to high security requirements.
  • This in particular facilitates the transmission of the memory address via near-field communication, for example using RFID, Bluetooth® or WLAN.
  • communication can take place wirelessly in accordance with the ISO 14443 standard at a frequency of 13.56 MHz.
  • communication can also take place in accordance with Bluetooth® standard 4 or 5.
  • the memory address can be sent to the environment as a beacon at fixed time intervals.
  • the memory address can be, for example, a URI (“Uniform Resource Identifier” / uniform identifier for resources) or a URL (“Uniform Resource Locator” / uniform resource pointer).
  • the third computer system is, for example, a computer system embedded in a cloud environment.
  • the password protection ensures that even if the memory address is generally accessible and, in particular, is transmitted wirelessly unencrypted, access to the virtual document and thus to the data comprised by the document is restricted to computer systems or persons authorized for this purpose. Only those who have a valid password can actually read the virtual document.
  • the read out virtual document is shown on the display of the first computer system and the data comprised by the virtual document can be viewed by a user of the first computer system.
  • the virtual document includes identification features of the document owner, such as a photograph and / or information on body size, eye color and age. Using these features, the user of the first computer system can check whether the user of the mobile second computer system is actually also the owner of the virtual document. In the case of an identification document, the user of the mobile second computer system can thus be identified.
  • the virtual document can be a driver's license and the first computer system can be a portable mobile radio device of a police officer who is carrying out a traffic control, or a stationary personal computer at a car rental company where the driver's license holder wants to rent a vehicle.
  • the virtual document could be, for example, an identity card and the first computer system could be a portable mobile radio device or a stationary personal computer of a police officer who carries out a personal check, or a stationary personal computer of a reception desk of a hotel in which the card holder would like to book a room.
  • Authentication with an identification document in the form of a physical document with a permanently assigned document body, which comprises a plurality of security features and a photograph of the document holder is basically two-factor authentication.
  • Such a two-factor authentication is used to authenticate a user by combining two factors. These factors can be given, for example, in the form of an object that is in the possession of the user and a feature that is inextricably linked with the user.
  • authentication takes place through proof of possession of the corresponding identification document and through the face of the user, which must match the photo of the holder of the identification document for successful authentication.
  • Embodiments can have the advantage that they also enable two-factor authentication.
  • the mobile second computer system for example a smartphone, with a photograph of the document owner contained in the virtual document, the mobile second computer system must be a computer system assigned to the virtual document. This assignment is set up and verified by the entry in the cryptographically secured second database.
  • the mobile second computer system can be, for example, a laptop or palmtop computer, a personal digital assistant, a mobile telecommunications device, in particular a smartphone, or the like.
  • the mobile second computer system can also be a computer system of a personal means of transportation of a user, such as the on-board computer of a car.
  • the mobile second computer system can also be, for example, so-called “wearables” or “wearable computers”, i.e. computer systems which are arranged on the user's body during use.
  • wearables are smartwatches, i.e. watches with computer functionality and connectivity, activity trackers, i.e. devices for recording and sending fitness and / or health-related data, smart glasses, i.e. glasses, the insides of which serve as a screen, or articles of clothing in which electronic aids for communication are incorporated.
  • the first computer system if this is also configured as a mobile computer system, can also be a computer system of the types listed above, provided that these include a display.
  • the first computer system can also be a stationary computer system, such as a personal computer.
  • a virtual document can also be paired with several devices.
  • a user can pair his driver's license both with his smartphone and with the on-board computer of one or more of the cars he is using. This means that he always has his driver's license available when driving one of the cars in question. Thanks to the smartphone, he also has his driver's license available when he is driving a car that is not his own or another vehicle, such as a motorcycle.
  • the unique identifier of the mobile second computer system is, for example, an IMEI (“International Mobile Station Equipment Identity”), an ICCID (“Integrated Circuit Card Identifier”), a MEID (“Mobile Equipment Identifier”), an Android device ID, a serial number, WLAN MAC address or a Bluetooth® address.
  • a computer or computer system can comprise an interface for connection to a network, wherein the network can be a private or public network, in particular the Internet. Depending on the embodiment, this connection can also be established via a cellular network.
  • a “database” is generally understood here to mean a compilation of data in the form of database entries according to a fixed organizational structure of the database.
  • a database can also include a management program for managing the database.
  • A cryptographically secured database is understood to be a database whose entries are cryptographically secured.
  • the database includes encrypted and / or signed data.
  • a cryptographically secured database is understood here in particular as a blockchain.
  • a “certificate” is understood here to mean a digital certificate, which is also referred to as a public key certificate.
  • digital objects are also referred to as “virtual” objects, i.e. data constructs for electronic data processing.
  • a so-called Public Key Infrastructure (PKI) is implemented through such certificates based on asymmetric key pairs.
  • Such a certificate is structured data that is used to assign a public key of an asymmetric cryptosystem to an identity, such as a person or a device.
  • a certificate can contain a public key and be signed.
  • certificates based on zero-knowledge cryptosystems are also possible.
  • the certificate can conform to the X.509 standard or another standard.
  • the certificate is a CV certificate or Card Verifiable Certificate (CVC).
  • the PKI provides a system for issuing, distributing and checking digital certificates.
  • a digital certificate is used in an asymmetric cryptosystem to confirm the authenticity of a public key and its permissible scope of application and validity.
  • the digital certificate is itself protected by a digital signature, the authenticity of which can be checked with the public key of the issuer of the certificate.
  • a digital certificate is again used to check the authenticity of the issuer key.
  • a chain of digital certificates can be set up, each of which confirms the authenticity of the public key with which the previous certificate can be checked.
  • Such a chain of certificates forms a so-called validation path or certification path.
  • the participants of the PKI must be able to rely on the authenticity of the last certificate, the so-called root certificate, and the key certified by this certificate without a further certificate.
  • the root certificate is administered by a so-called root certification authority, the authenticity of which is assumed to be secured and on which the authenticity of all certificates of the PKI is based.
  • Digital certificates are a proven means of verifying authorizations when securing electronic communication through asymmetric cryptographic procedures. Certificates are structured data that document the authenticity and / or other properties / authorizations of the owner of a public key (signature verification key) and confirm it by an independent, credible entity (certification service provider / ZDA), generally the certification authority that issues the certificate. Certificates are usually made available to a broad group of people to enable them to check electronic signatures for authenticity and validity.
  • a certificate can be assigned to an electronic signature if the private key belonging to the public key was used to generate the electronic signature to be checked. Because a ZDA provides a certificate in association with a public key to the general public, a ZDA enables users of asymmetric cryptosystems to assign the public key to an identity, for example a person, an organization, an energy or computer system.
  • Asymmetric key pairs are used for a large number of cryptosystems and also play an important role in the signature of electronic documents.
  • An asymmetric key pair consists of a private key, which is used to encrypt data and must usually be kept secret, and a public key, which can be passed on to third parties, for example to a service provider and / or a ZDA.
  • the public key enables anyone to encrypt data for the owner of the private key, to check digital signatures of their documents or to authenticate them.
  • a private key enables its owner to decrypt data encrypted with the public key or to create digital signatures for electronic documents.
  • Digital signatures are used for secure electronic data exchange, for example on the Internet, and enable the verification of identities and / or authorizations and the authenticity of the data exchanged. To ensure this, a public key infrastructure is usually required that confirms the validity of the keys used by means of certificates.
  • a digital signature also referred to as “signature” in the following, is a cryptographic method in which a further data value, referred to as “signature”, is calculated for any data, for example an electronic document.
  • the signature can be, for example, an encrypted hash value of the electronic document, in particular a hash value encrypted with a private key of a cryptographic key pair assigned to a certificate. Corresponding encryption of a hash value is therefore referred to as signing the hash value.
  • the peculiarity of such a signature is that its authorship and affiliation to a certain person or instance can be checked by any third party.
  • a digital signature is also understood here as a digital seal that is not assigned to a natural person but to a legal person.
  • a digital seal therefore does not serve to submit a declaration of intent from an individual, but rather to an institution as proof of origin. It can thus ensure the origin and integrity of virtual documents and prove that they originate from a specific legal entity.
  • a “memory” is understood here to mean both volatile and non-volatile electronic memories or digital storage media.
  • non-volatile memory is understood here to mean an electronic memory for the permanent storage of data.
  • a non-volatile memory can be configured as a non-changeable memory, which is also referred to as read-only memory (ROM), or as changeable memory, which is also referred to as non-volatile memory (NVM).
  • it can be an EEPROM, for example a Flash EEPROM, referred to as Flash for short.
  • a non-volatile memory is characterized by the fact that the data stored on it are retained even after the power supply has been switched off.
  • a “volatile electronic memory” is a memory for the temporary storage of data, which is characterized in that all data is lost after the power supply is switched off.
  • this can be a volatile random access memory, which is also referred to as a random access memory (RAM), or a volatile main memory of the processor.
  • a “protected memory area” is understood here to mean an area of an electronic memory to which access, that is to say read access or write access, is only possible via a processor of the corresponding electronic device. According to embodiments, access from the processor coupled to the memory is only possible if a condition required for this is met. This can be, for example, a cryptographic condition, in particular a successful authentication and / or a successful authorization check.
  • a “processor” is understood here and in the following to be a logic circuit which is used to execute program instructions.
  • the logic circuit can be implemented on one or more discrete components, in particular on a chip.
  • a “processor” is understood to mean a microprocessor or a microprocessor system made up of several processor cores and / or several microprocessors.
  • An “interface” is understood here to mean an interface via which data can be received and sent, wherein the communication interface can be configured with or without contact.
  • the communication interface can be an internal interface or an external interface, which is connected to an associated device, for example by means of a cable or wirelessly.
  • a “network” is understood here to mean any transmission medium with a connection for communication, in particular a local connection or a local network, in particular a local area network (LAN), a private network, in particular an intranet, and a virtual private network (VPN).
  • a computer system can have a standard radio interface for connection to a WLAN. It can also be a public network such as the Internet. Depending on the embodiment, the network can also be a cellular network.
  • Communication can take place via an optical channel between two optical interfaces.
  • the two optical interfaces can be, for example, a display for displaying or sending optical data and a digital camera for recording or receiving the optical data.
  • a “document” is in particular an identity document, value document or security document, in particular an official document, in particular a paper-based and / or plastic-based document, such as an electronic identification document, in particular a passport, identity card, visa, driver's license, vehicle registration document, vehicle registration document, health card, or a company ID, or another ID document, a chip card, means of payment, in particular a bank card or credit card, waybill or other proof of authorization.
  • the document can be a machine-readable travel document, as standardized, for example, by the International Aviation Authority (ICAO) and / or the BSI.
  • a “virtual” document is understood to be a data construct for electronic data processing which comprises the same data as a previously defined document, but not a permanently assigned physical document body. In particular, the validity of such a document is independent of the existence of a permanently assigned document body.
  • a “virtual” document can be an electronic file of any desired file format, in particular a non-executable text or table file.
  • a “program” or “program instructions” is understood here, without restriction, to be any type of computer program which comprises machine-readable instructions for controlling a functionality of the computer.
  • a master password for reading out virtual documents from the first database is stored in a protected memory area of a memory of the first computer system.
  • the first virtual document is read out using the master password.
  • first computer systems assigned to the police are configured to be able to read out virtual identification documents, such as virtual identity cards, virtual passports or virtual residence permits, or virtual driver's licenses at any time.
  • the mobile second computer system continuously sends the password-protected memory address at predefined time intervals, for example.
  • a police officer with a corresponding first computer system can thus get an early insight into the virtual identification document of a person to be checked during a person or traffic control. This can have the advantage that the control can take place with a sufficient safety distance, in particular outside the range of the person to be checked.
  • the method further comprises: receiving a password for reading out the first virtual document, the reading out of the first virtual document taking place using the received password.
  • Embodiments can have the advantage that the user of the mobile second computer system, which is generally also the owner of the virtual document, can exercise effective access control over the virtual document by controlling the distribution of the password or passwords.
  • the received password is a one-time password with which the virtual document can be read out once under the password-protected memory address.
  • Embodiments can have the advantage that abuse of an access right once granted to the virtual document can be efficiently prevented. In particular, this prevents unauthorized third parties from reading out the virtual document if, for example, the owner of the first computer system makes the password accessible to them or if they otherwise obtain access to the password. The user of the mobile second computer system therefore has the authority to dispose of the virtual document. In addition, the security of the virtual document can be increased in this way.
  • receiving the password comprises: scanning the password, which is displayed on a second display of the mobile second computer system, with a scanner of the first computer system.
  • Embodiments can have the advantage that the password is transmitted via an optical channel that is formed by the second display and the scanner. By aligning the display and scanner accordingly and, if necessary, additional shielding measures, a transmission directed to a specific solid angle can be implemented, which can be better protected against spying attempts by third parties than, for example, non-directional transmission using RFID or Bluetooth®.
  • the displayed password can also be typed out by a user of the first computer system or read out to him by the user of the mobile second computer system.
  • the scanner is a digital camera.
  • Embodiments can have the advantage that the interfaces used for the optical transmission channel, i.e. display and digital camera, are standard hardware that is now available in all smartphones, for example.
  • the received password is displayed on the second display as a graphic code.
  • the graphic code is, for example, a QR code.
  • Embodiments can have the advantage that they enable a secure, i.e. in particular error-free and efficient, transmission of the password.
  • the password is graphically encoded by the mobile second computer system before it is sent and decoded again by the receiving first computer system after it has been received.
  • the received password is encrypted with a public cryptographic key of an asymmetric key pair assigned to the first computer system.
  • the method further comprises: decrypting the received password using a private cryptographic key of the asymmetric key pair.
  • Embodiments can have the advantage that they ensure a secure transmission of the password from the mobile second computer system to the first computer system. Even if the transmitted password is intercepted or tapped, an unauthorized third party who does not have access to the private cryptographic key cannot use the password.
  • the method further comprises: receiving a memory ID of the second database, the memory ID identifying the entry of the second database in which the first identifier is stored.
  • the database entry of the second database in which the first identifier is stored is identified using the memory ID.
  • the cryptographically secured second database is a blockchain and the first identifier is stored as a transaction in a block of the blockchain.
  • a “blockchain” is understood here and in the following to be an ordered data structure, with each block of the blockchain being identified by a hash value and referencing a previous block in the blockchain; for examples of a blockchain see https://en.wikipedia.org/wiki/Block_chain_(database) and “Mastering Bitcoin”, Chapter 7, The Blockchain, page 161 ff.
  • the concept of blockchains was described in a white paper on Bitcoin in 2008 under the pseudonym Satoshi Nakamoto (“Bitcoin: Peer-to-Peer Electronic Cash System” (https://bitcoin.org/bitcoin.pdf)).
  • the blockchain consists of a series of data blocks in which one or more transactions are summarized and given a checksum in the form of a hash value. New blocks of the blockchain are created in a usually computationally intensive process, which is also known as mining. These newly generated blocks are then added to the blockchain and distributed to all participants or nodes in the network via a network.
  • Embodiments can have the advantage that the blockchain offers a high degree of security against subsequent manipulations by storing cryptographic checksums, i.e. hash values, of the preceding block in the respective subsequent block.
  • the transactions of a block are hashed with each other in pairs, for example using a Merkle tree, and only the last hash value of the block obtained in this way, the so-called root hash value, is noted as a checksum in the header of the block.
  • the chaining of the blocks can then be done using these root hashes.
  • Each block of the blockchain contains the hash of the entire previous block header in its header. This clearly defines the sequence of the blocks and creates a chain structure.
  • the security can be increased.
  • the computational intensity required to create new blocks can be controlled via requirements for the hash value of the new block to be created.
  • the resulting hash value is unpredictable, rather it is a randomly distributed number. However, it can be calculated how much time is necessary in the statistical mean to find a valid new block, depending on the computing power used.
  • the hash value of a block can be varied, for example, by adding and varying a nonce. Due to the chain structure, data once stored in a blockchain can no longer be changed or removed without replacing large parts of the blockchain. However, such a replacement is ruled out as a result of a sufficiently computationally intensive generation of new blocks.
  • Known embodiments of a blockchain are based on the anonymity of the partners involved in the transactions.
  • by means of the above-described signature of the hash values entered in the transactions, their authenticity and their origin can be proven. This can improve the security against forgery.
  • a requirement for a valid block can be, for example, that the hash value of the header of the block is less than or equal to a limit value.
  • the hash value can be calculated using the Secure Hash Algorithm (SHA) SHA 256, for example.
  • the resulting hash value in this case is a random number between 0 and $2^{256}-1$.
  • the probability that a certain hash will come out when the hash algorithm is applied is $(\text{maximum hash value} + 1)^{-1}$; in the case of the SHA 256 algorithm it is $2^{-256}$.
  • the probability that the resulting hash value is less than or equal to a limit value or target value is therefore $(\text{target}) / (\text{max. hash value})$.
  • the probability is $[(2^{16}-1) \cdot 2^{208}] / 2^{256} \approx 2^{-32}$.
  • the probability of receiving a hash value that is less than or equal to the selected limit value is therefore for the example given above: $2^{-32}/S$.
  • Corresponding adjustments to the difficulty can also be used to keep the hit rate constant in the event of changes in the computer system, for example changes in the computing power by increasing or decreasing the number of blockchain servers.
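The limit-value rule, the Merkle root in the block header and the chaining by header hash described above can be followed in a short added example, which is not part of the patent text. The header layout (previous hash, root hash, 8-byte nonce), the duplication of an odd last leaf in the Merkle tree, the all-zero previous hash of the first block and the easier `DEMO_TARGET` are assumptions chosen for illustration; the transaction bytes are constructed.

```python
import hashlib
import math
from fractions import Fraction

HASH_SPACE = 2**256                  # SHA-256 yields values 0 .. 2**256 - 1
PAGE_TARGET = (2**16 - 1) * 2**208   # limit value used in the text's example
DEMO_TARGET = 2**244                 # constructed, far easier limit so the demo runs quickly
GENESIS_PREV = bytes(32)             # assumed "previous hash" of the very first block


def hit_probability(target: int) -> Fraction:
    """Probability that one hash is <= target, as in the text: target / 2**256."""
    return Fraction(target, HASH_SPACE)


def log2_probability(target: int) -> float:
    return math.log2(float(hit_probability(target)))


def expected_attempts(target: int) -> Fraction:
    """Statistical mean of the number of nonces to try before a valid block is found."""
    return 1 / hit_probability(target)


def merkle_root(transactions: list) -> bytes:
    """Hash the transactions pairwise until a single root hash remains."""
    level = [hashlib.sha256(tx).digest() for tx in transactions] or [bytes(32)]
    while len(level) > 1:
        if len(level) % 2:           # odd count: repeat the last hash (assumption)
            level.append(level[-1])
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0]


def header_hash(prev_hash: bytes, root: bytes, nonce: int) -> bytes:
    return hashlib.sha256(prev_hash + root + nonce.to_bytes(8, "big")).digest()


def block_hash(block: dict) -> bytes:
    return header_hash(block["prev"], merkle_root(block["txs"]), block["nonce"])


def mine(prev_hash: bytes, transactions: list, target: int) -> dict:
    """Vary the nonce until the header hash is less than or equal to the target."""
    root = merkle_root(transactions)
    nonce = 0
    while int.from_bytes(header_hash(prev_hash, root, nonce), "big") > target:
        nonce += 1
    return {"prev": prev_hash, "txs": list(transactions), "nonce": nonce}


def verify_chain(chain: list, target: int) -> bool:
    """Check the limit value of every block and that each block references its predecessor."""
    prev = GENESIS_PREV
    for block in chain:
        current = block_hash(block)
        if block["prev"] != prev or int.from_bytes(current, "big") > target:
            return False
        prev = current
    return True


def build_demo_chain() -> list:
    chain, prev = [], GENESIS_PREV
    # Constructed transactions standing in for stored pairing identifiers.
    for txs in ([b"identifier-A", b"identifier-B", b"identifier-C"], [b"identifier-D"]):
        block = mine(prev, txs, DEMO_TARGET)
        chain.append(block)
        prev = block_hash(block)
    return chain


if __name__ == "__main__":
    print("log2 P(hash <= page target):", log2_probability(PAGE_TARGET))
    print("expected attempts at demo target:", expected_attempts(DEMO_TARGET))
    chain = build_demo_chain()
    print("chain valid:", verify_chain(chain, DEMO_TARGET))
    chain[0]["txs"][0] = b"identifier-X"   # change a stored transaction afterwards
    print("chain valid after change:", verify_chain(chain, DEMO_TARGET))
```

Changing a transaction in the first block changes its root hash and therefore its header hash, so the reference stored in the following block no longer matches and verification fails.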
  • the participants in the blockchain network trust the longest valid blockchain, as this has the most computing power and it can therefore be assumed that it is recognized as valid by the majority of participants. For example, if a fork, i.e. a branch in the blockchain, arises, at some point the fork with the longer chain length will prevail, since it can be assumed that the majority of the participants are behind this.
  • a blockchain can, for example, also be implemented in the form of a private blockchain, whereby only a selected group of participants is authorized to add valid blocks.
  • a corresponding authorization can be proven, for example, by means of a signature using a private cryptographic key.
  • the private cryptographic key can belong to an asymmetric key pair, which also includes a public cryptographic key with which the signature can be checked.
  • the asymmetric key pair can also be assigned, for example, a certificate which attests the authorization to create a valid block of the blockchain. This certificate can also be assigned to a PKI which proves the authenticity of the certificate.
  • a public key can be stored in the blockchain for each participant from the selected group, for example in a Genesis block. This public key can be used to check whether the signatures of blocks and thus the corresponding blocks themselves are valid.
  • Consensus can also be implemented in a blockchain in other ways. For example, a consensus can be reached by voting on the inclusion of proposed entries in the blockchain. For example, each participant keeps a unique list of other participants whom he trusts as a group. Each participant can suggest new entries that should be included in a new block of the blockchain. A vote is taken on the inclusion and thus the recognition of the validity of the proposed entries. For example, each participant only votes on those suggestions that come from participants on his list. In other words, for the decision as to whether a proposal for a new entry is recognized as valid, i.e. whether there is a consensus between the participants regarding the validity of this entry, only the votes of those participants who are included in the list of the participant who makes the corresponding proposal are taken into account.
  • a certain minimum percentage of participants entitled to vote must vote yes, for example 80%. All proposed entries that meet this criterion will be added to the blockchain. Such a vote can consist of several rounds. All other proposals that do not meet the aforementioned criterion will be discarded or put to the vote again when the next block of the blockchain is voted on.
  • the aforementioned lists represent sub-groups of the blockchain network that the participant who maintains the respective list trusts as a group, without this requiring that he trust each individual participant in the list.
  • the blockchain can be a private or public blockchain.
  • it is a Bitcoin, Litecoin or Ethereum blockchain.
  • the memory ID is a transaction ID of the transaction which comprises the first identifier.
  • Embodiments can have the advantage that they enable simple identification of the transaction which comprises the first identifier.
  • a copy of the blockchain is stored in the memory of the first computer system.
  • Embodiments can have the advantage that the blockchain is available at all times.
  • a blockchain can be designed to be implemented as a decentralized database in a decentralized network, whereby it is stored redundantly and decentrally on all nodes of the corresponding network.
  • the second electronic device is such a node in a decentralized network. If the connection of a node to the rest of the network is interrupted, the complete blockchain is still available to it. Even if the interruption lasts for a longer period of time, the node still has the complete blockchain available up to the interruption and, if necessary, the latest entries that were made after this point in time are missing. In this way, the blockchain can ensure efficient access to the data it contains, even in offline operation. If the blockchain is stored on the first computer system, a regular update of the blockchain in the memory of the first computer system can also ensure that the blockchain is sufficiently up-to-date in the event of a break in the network connection between updates.
  • the communication interface is configured to communicate with the mobile second computer system using the Bluetooth® standard.
  • Embodiments can have the advantage that an efficient contactless communication between the mobile second computer system and the first computer system is enabled, wherein in particular the first computer system can also be configured as a mobile computer system. For example, communication takes place using the Bluetooth® standard 4 or 5.
  • the second identifier is the Bluetooth® address of the second computer system.
  • Embodiments can have the advantage that in a communication between the mobile second computer system and the first computer system using the Bluetooth® standard, the Bluetooth® address provides a unique second identifier that can be easily integrated into the communication.
  • the first identifier stored in the second database is signed with a private cryptographic key of an asymmetric key pair assigned to an ID provider.
  • the method further comprises: checking the signature of the first identifier stored in the identified database entry by the first computer system using a public cryptographic key of the asymmetric key pair assigned to the ID provider.
  • Embodiments can have the advantage that the authenticity of the database entry is ensured.
  • the signature can be used to check that the first identifier, which forms the basis for confirming the validity of the virtual document, was entered by an authorized and trustworthy entity. Thus, not only the integrity of the first identifier, but also its origin can be proven. This can further increase security.
  • the validity of the public cryptographic key of the ID provider can be checked using a document PKI.
  • the second database additionally includes the public cryptographic key of the ID provider.
  • Embodiments can have the advantage that simple access to the public cryptographic key is made possible directly in the course of the database query. If the database is also a database with a blockchain structure, with the public cryptographic key of the ID provider being stored in one of the transactions, the public cryptographic key is protected from manipulation by the chain structure of the blockchain secured by means of the checksum storage.
  • the database entry in the second database also includes the public cryptographic key of the ID provider.
  • Embodiments can have the advantage that they allow easy access to the public cryptographic key.
  • the first computer system and / or the mobile second computer system is a mobile radio device, in particular a smartphone.
  • Embodiments can have the advantage that the standard hardware can be used to implement the method.
  • embodiments can have the advantage that smartphones include the hardware necessary for optical transmission, i.e. display and digital camera, as standard.
  • the first virtual document is a virtual identification document.
  • Embodiments can have the advantage that they enable a secure and efficient method for authenticating the user of the mobile computer system using the virtual document.
  • the database entry in the second database in which the first identifier is stored includes an expiry date which defines an end of the validity of the first pairing.
  • a first identifier once entered in the second database, i.e. a once-registered pairing between the mobile second computer system and the virtual document, does not retain its validity forever, since entries in a blockchain can be neither deleted nor changed.
  • the pairing must be renewed, i.e. the identifier must be re-entered in the blockchain with a new expiry date.
  • it can be ensured at regular intervals that the pairing between the mobile second computer system and the virtual document has not been canceled in the meantime.
  • Embodiments can have the advantage of providing an efficient locking mechanism. For example, all entries with the first identifier are searched for in the second database.
  • the read out first virtual document is deleted from the memory of the first computer system after the check.
  • the first virtual document is not stored permanently on the first computer system, for example only in volatile electronic memory.
  • Embodiments can have the advantage that the virtual document alone is permanently stored in the first database and the user of the mobile second computer system thus retains control over his personal data.
  • Embodiments further include a first computer system for checking the validity of a first virtual document, the first virtual document being provided to the first computer system by means of a mobile second computer system.
  • the first virtual document is stored in a first database of a third computer system, a plurality of virtual documents being stored in the first database.
  • the first computer system comprises a first communication interface for contactless communication with the mobile second computer system and for communication with the third computer system via a network.
  • the first computer system further comprises a first display for showing the first virtual document.
  • the first computer system has access to a cryptographically secured second database, which includes identifiers for pairings from computer systems and the virtual documents of the first database.
  • the identifiers of the second database include a first identifier of a first pairing from the mobile second computer system and the first virtual document.
  • the first computer system is configured to carry out a method for providing and checking the validity of the first virtual document according to one of the previously described embodiments.
  • FIG. 10 shows a block diagram of an embodiment of an exemplary system comprising a mobile computer system 102, a computer system 152, and first and second servers 202, 212.
  • the mobile computer system 102 of the user 100 is, for example, a portable computer system such as a smartphone.
  • the smartphone 102 comprises a memory 104 with a protected memory area 106 which can only be accessed via a processor 112 of the smartphone 102.
  • at least one one-time password 108 is stored in the protected memory area 106.
  • the one-time password 108 allows one-time access to a virtual document 204 stored under a password-protected memory address.
  • the one-time password 108 can have been made available to the smartphone 102, for example in the form of a TAN list, by the first server 200 or by an entity responsible for operating the first server 200.
  • the memory address 110 is stored in the memory 104, under which the virtual document 204 can be read out.
  • the memory address 110 is, for example, a URI or URL.
  • the memory 104 also includes a unique identifier 111 of the smartphone 102, which is, for example, a Bluetooth® address or IMEI of the smartphone 102.
  • the smartphone 102 comprises a processor 112 with instructions 114 for executing the method for providing and checking the validity of the virtual document 204.
  • the instructions 114 control, in particular, the sending of the memory address 110.
  • the instructions 114 also control the provision of the one-time password 108 for the computer system 152.
  • the one-time password 108 is encrypted with a public key 160 provided by the computer system 152.
  • the smartphone 102 can include cryptographic program instructions 113 which implement a cryptographic protocol.
  • the cryptographic protocol is configured, for example, to encrypt the one-time password 108 with the public cryptographic key 160.
  • the one-time password 108, encrypted or unencrypted, can be graphically coded for display on a display 120 of the smartphone 102.
  • the instructions 114 are configured to encode the one-time password 108.
  • the smartphone 102 also includes an input interface 118, which can be integrated into the display 120, for example, if it is configured as a touchscreen.
  • the input interface 118 is used to control the smartphone 102 by the user 100.
  • the display 120 is suitable, for example, for displaying a graphic code, such as a QR code.
  • the display 120 is a bistable display, e-paper, LCD display (“Liquid Crystal Display”), OLED display (“Organic Light-Emitting Diode display”), or an AMOLED display (“Active Matrix Organic Light-Emitting Diode display”).
  • the smartphone 102 has an interface 122 for contactless communication with an interface 176 of the computer system 152.
  • the interface 122 is a Bluetooth® or RFID interface which transmits the memory address 110 to the computer system 152 by radio signal 180 without contact.
  • the computer system 152 of the user 150 is, for example, also a portable computer system such as a smartphone. Likewise, the computer system 152 could also be a specially configured verification device or a stationary computer system.
  • the computer system 152 comprises a memory 154 with a protected memory area 156 which can only be accessed via a processor 164 of the computer system 152.
  • a private key 158 of an asymmetric key pair assigned to the computer system 152 is stored in the protected memory area 156.
  • a public key 160 assigned to the private key 158 is stored in the memory 154.
  • the computer system 152 comprises a processor 164 with cryptographic program instructions 166 which implement a cryptographic protocol.
  • the cryptographic protocol is configured, for example, to decrypt the one-time password 108 encrypted with the public cryptographic key 160 with the private key 158.
  • the cryptographic program instructions 166 can, for example, cryptographically protect the communication between the computer system 152 and the first server 200 for the transmission of the virtual document 204 via the network 220.
  • the processor executes program instructions 168 which are configured, for example, to read out and check the validity of the virtual document 204. For example, they are configured to decode a graphic coding of the one-time password 108.
  • the computer system 152 includes a display 174 for displaying the virtual document 204.
  • the computer system 152 also includes an input interface 170, which can be integrated into the display 174, for example, if it is configured as a touchscreen.
  • the input interface 170 is used to control the computer system 152 by the user 150.
  • the display 174 is, for example, a bistable display, e-paper, LCD display (“Liquid Crystal Display”), OLED display (“Organic Light-Emitting Diode display”), or an AMOLED display (“Active Matrix Organic Light-Emitting Diode display”).
  • the computer system 152 can be equipped with a scanner 172, for example in the form of a digital camera.
  • the computer system 152 also includes an interface 176 which is configured for contactless communication by means of a radio signal 180 with the mobile computer system 102.
  • the interface 176 can be configured for communication with the two servers 200, 210 via the network 220.
  • the network 220 is an intranet or the Internet. Communication can take place wirelessly and / or via network cable.
  • a unidirectional optical communication channel can be set up for the secure transmission of the one-time password 108 from the smartphone 102 to the computer system 152.
  • the first server 200 comprises the database 202 and / or provides the virtual document 204 stored in the database 202 at a password-protected memory address that can be accessed via the network 220.
  • the second server 200 has a corresponding interface 206 for communication via the network 220.
  • the corresponding memory address can be called up using a general browser such as Microsoft Internet Explorer®, Safari®, Google Chrome®, Firefox®, or an application specially configured for this purpose.
  • the server 200 controls access to the virtual document 204 in such a way that it can only be read out when a valid password is entered or transmitted. In particular, in the case of one-time passwords, the server 200 ensures that repeated entry of such a one-time password does not allow renewed access to the virtual document 204.
  • the first server 200 has a corresponding interface 206 for communication via the network 220.
  • the computer system 152 is a computer system which is assigned to an entity with sovereign powers, such as the police, and additionally includes a master password in the protected memory area 156.
  • the server 200 controls access to the virtual document 204, for example, so that the virtual document 204 can be read out at any time, i.e. in particular repeatedly, when the valid master password is entered or transmitted.
  • the second server 210 comprises and manages a cryptographically secured database in the form of a blockchain 212, which can, for example, be any publicly accessible blockchain. Identifiers of pairings between computer systems and virtual documents are stored permanently and in an audit-proof manner in the blocks of the blockchain 212. The identifiers can be calculated from a unique identifier of the corresponding computer system and the hash value of the corresponding virtual document.
  • the blockchain 212 comprises the identifier 214 of the pairing from the mobile computer system 102 and the virtual document 204.
  • the second server 210 has a corresponding interface 216 for communication via the network 220. According to an alternative embodiment, a copy of the blockchain 214 can also be stored locally on the computer system 152. This can allow network-independent access to the blockchain 212.
  • FIG. 10 shows a flow diagram of an embodiment of a first exemplary method for providing and checking the validity of a virtual document.
  • a first computer system receives a password-protected memory address from a mobile second computer system under which the virtual document to be checked can be called up.
  • a virtual identification document of the user of the mobile second computer system is to be checked.
  • the mobile second computer system sends an unencrypted radio signal with the memory address, for example in the form of a URI or URL, at predefined time intervals.
  • the user of the first computer system requests the user of the mobile second computer system, for example, to additionally provide the password necessary for access to the memory address.
  • the user of the mobile second computer system can also provide the password on their own initiative or a program on the first computer system that accesses the memory address automatically sends a corresponding request for the password to the mobile second computer system.
  • the first computer system receives the password for reading out the virtual document at the previously received memory address.
  • the password is, for example, a one-time password that is displayed on a display of the mobile second computer system.
  • The password can be displayed as a QR code, for example.
  • The password can be encrypted with a public key of the first computer system, for example.
  • The user of the mobile second computer system can also communicate the password orally. If the password is encrypted with a public key of the first computer system, the first computer system decrypts it after receipt with the corresponding private key.
  • The virtual document is read from the memory address by the first computer system using the previously received one-time password and is displayed in block 306 on the display of the first computer system.
  • The transmission of the virtual document can be secured by means of a suitable transport encryption, for example HTTPS.
  • An identifier of the mobile second computer system is also received. According to embodiments, it can be transmitted in response to a corresponding request, or it is already part of the transmission signal carrying the memory address.
  • The memory address is transmitted using the Bluetooth® standard and the identifier of the mobile second computer system is the Bluetooth® address of the mobile second computer system.
  • A hash of the virtual document is calculated in block 310 and an identifier for the pairing of the mobile second computer system and the virtual document is calculated in block 312.
  • The mobile second computer system thus serves as an explicit factor for the authentication of its user.
  • The calculated identifier for the pairing is compared with a blockchain in which identifiers of valid pairings between computer systems and virtual documents are stored. If a match is found between the calculated and the stored identifier in block 316, the validity of the virtual document for the present case is confirmed in block 318. That is, it is confirmed that the mobile second computer system is authorized to present the virtual document. If no match is found in block 316, a warning is issued in block 320 that the virtual document is not valid in the present case.
  • The user of the first computer system can then identify the user of the mobile second computer system using the virtual document. For this purpose, for example, the face of the user of the mobile second computer system is compared with a face of the owner of the virtual document displayed on the display of the first computer system. The virtual document is then deleted from the first computer system.
  • FIG. 10 shows a flow diagram of an embodiment of a second exemplary method for providing and checking the validity of a virtual document.
  • Block 400 proceeds analogously to block 300 of Figure 2, and blocks 404 through 420 are analogous to blocks 304 through 320 of Figure 2.
  • The difference from the method according to Figure 2 is that, in the case of Figure 3, no one-time password is received from the mobile second computer system. Rather, the first computer system has a master password with which it can access all virtual documents that are stored in the corresponding database, provided a specific memory address has been received.
  • The first computer system is, for example, a police computer system.
  • A master password for reading out virtual documents from the first database is stored in a protected memory area of a memory of the first computer system, wherein the first virtual document is read out using the master password.
  • The method further comprises: receiving a password for reading out the first virtual document, the reading out of the first virtual document taking place using the received password.
  • The received password is a one-time password with which the virtual document can be read out once under the password-protected memory address.
  • Receiving the password includes: scanning the password, which is displayed on a second display of the mobile second computer system, with a scanner of the first computer system.
  • The scanner is a digital camera.
  • The received password is shown on the second display as a graphic code.
  • The graphic code is a QR code.
  • The received password is encrypted with a public cryptographic key of an asymmetric key pair assigned to the first computer system, the method further comprising: decrypting the received password using a private cryptographic key of the asymmetric key pair.
  • The method further comprises: receiving a memory ID of the second database, the memory ID identifying the entry of the second database in which the first identifier is stored, and wherein the identification of the database entry of the second database in which the first identifier is stored takes place using the memory ID.
  • The second cryptographically secured database is a blockchain and the first identifier is stored as a transaction in a block of the blockchain.
  • The memory ID is a transaction ID of the transaction which includes the first identifier.
  • A copy of the blockchain is stored in the memory of the first computer system.
  • The communication interface is configured to communicate with the mobile second computer system using a Bluetooth® standard.
  • The second identifier is the Bluetooth® address of the second computer system.
  • The first identifier stored in the second database is signed with a private cryptographic key of an asymmetric key pair assigned to an ID provider, the method further comprising: checking the signature of the first identifier stored in the identified database entry by the first computer system using a public cryptographic key of the asymmetric key pair assigned to the ID provider.
  • The second database also includes the public cryptographic key of the ID provider.
  • The database entry in the second database also includes the public cryptographic key of the ID provider.
  • The first computer system and/or the mobile second computer system is a mobile radio device, in particular a smartphone.
  • The first virtual document is a virtual identification document.
  • The database entry in the second database in which the first identifier is stored includes an expiration date which defines an end of the validity of the first pairing.
  • The method further comprises: checking whether the second database additionally includes a lock entry which identifies the first identifier as locked, and rejecting the first virtual document as invalid if a lock entry is found.
  • A first computer system for providing and checking the validity of a first virtual document is configured to carry out a method according to one of the preceding examples, wherein the first virtual document is provided to the first computer system by means of a mobile second computer system, wherein the first virtual document is stored in a first database of a third computer system, wherein a plurality of virtual documents is stored in the first database, wherein the first computer system comprises a first communication interface for contactless communication with the mobile second computer system and for communication with the third computer system via a network, wherein the first computer system further comprises a first display for displaying the first virtual document, wherein the first computer system has access to a cryptographically secured second database which comprises identifiers for pairings of computer systems and the virtual documents of the first database, wherein the identifiers of the second database comprise a first identifier of a first pairing of the mobile second computer system and the first virtual document.
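
The validity check described in the list above (derive the pairing identifier, find the entry by memory ID, compare, then apply the lock entry and expiration date), as an added example that is not part of the patent text. The patent does not fix how the identifier is derived from the device identifier and the document hash; the SHA-256 construction, the dict standing in for the local blockchain copy, and all names and sample values are assumptions made here.

```python
"""Verifier-side check of a (mobile device, virtual document) pairing.

Added example, not code from the patent. The second database is modelled
as an in-memory dict keyed by memory ID (transaction ID); every sample
value below is constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class LedgerEntry:
    pairing_id: bytes               # the stored "first identifier"
    expires: Optional[date] = None  # end of validity of the pairing, if set


def pairing_identifier(device_id: str, document: bytes) -> bytes:
    """Derive the pairing identifier from the device identifier and document hash.

    Assumption: the patent only states that both inputs are used. Here the
    device identifier is normalised and length-prefixed so that the two
    fields cannot be shifted into each other, then hashed with the
    document hash.
    """
    doc_hash = hashlib.sha256(document).digest()
    dev = device_id.strip().upper().encode("ascii")
    return hashlib.sha256(len(dev).to_bytes(2, "big") + dev + doc_hash).digest()


def check_validity(ledger: Dict[str, LedgerEntry], locked: Set[bytes],
                   tx_id: str, device_id: str, document: bytes,
                   today: date) -> str:
    """Return 'valid', 'unknown-entry', 'mismatch', 'locked' or 'expired'."""
    entry = ledger.get(tx_id)
    if entry is None:
        return "unknown-entry"
    computed = pairing_identifier(device_id, document)
    # Compare first: a wrong device or altered document is reported as a
    # mismatch and learns nothing about the status of the stored pairing.
    if not hmac.compare_digest(computed, entry.pairing_id):
        return "mismatch"
    if entry.pairing_id in locked:  # lock entry marks the identifier as locked
        return "locked"
    if entry.expires is not None and today > entry.expires:
        return "expired"
    return "valid"


# Constructed sample data (hypothetical document and Bluetooth addresses).
DOC = b'{"type":"driving licence","holder":"Erika Mustermann","no":"X0000000"}'
PHONE = "00:11:22:33:44:55"
OTHER = "66:77:88:99:AA:BB"
LEDGER = {
    "tx-0001": LedgerEntry(pairing_identifier(PHONE, DOC), date(2030, 1, 1)),
    "tx-0002": LedgerEntry(pairing_identifier(OTHER, DOC), date(2020, 1, 1)),
}


def demo() -> Dict[str, str]:
    """Run the check for the cases a verifier has to tell apart."""
    day = date(2025, 6, 1)
    return {
        "enrolled phone": check_validity(LEDGER, set(), "tx-0001", PHONE, DOC, day),
        "other phone, same document": check_validity(LEDGER, set(), "tx-0001", OTHER, DOC, day),
        "altered document": check_validity(LEDGER, set(), "tx-0001", PHONE, DOC + b" ", day),
        "pairing past expiration": check_validity(LEDGER, set(), "tx-0002", OTHER, DOC, day),
        "locked pairing": check_validity(LEDGER, {LEDGER["tx-0001"].pairing_id},
                                         "tx-0001", PHONE, DOC, day),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```
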

Claims (15)

  1. Method for providing and checking the validity of a first virtual document (204) on a first computer system (152), wherein the first virtual document (204) is provided to the first computer system (152) by means of a mobile second computer system (102),
    wherein the first virtual document (204) is stored in a first database (202) of a third computer system (200), wherein a plurality of virtual documents is stored in the first database (202),
    wherein the first computer system (152) comprises a first communication interface (176) for contactless communication with the mobile second computer system (102) and for communication with the third computer system (200) via a network (220), wherein the first computer system (152) further comprises a first display (174) for displaying the first virtual document (204),
    wherein the first computer system (152) has access to a cryptographically secured second database (212), which comprises identifiers for pairings of computer systems and the virtual document (204) of the first database (202), wherein the identifiers of the second database (212) comprise a first identifier (214) of a first pairing of the mobile second computer system (102) and the first virtual document (204),
    wherein the method comprises:
    • receiving a password-protected memory address (110) of the first database (202) at which the first virtual document (204) can be read,
    • reading out the first virtual document (204),
    • displaying the first virtual document (204) on the first display (174) of the first computer system (152),
    • receiving a unique second identifier (111) of the mobile second computer system (102),
    • calculating a third identifier using the received second identifier (111) and a hash value of the first virtual document (204),
    • identifying the database entry of the second database (212) in which the first identifier (214) is stored,
    • comparing the calculated third identifier with the first identifier (214) stored in the identified database entry,
    • confirming the validity of the virtual document (204) if the calculated third identifier matches the stored first identifier (214).
  2. Method according to claim 1, wherein a master password for reading out the virtual document from the first database (202) is stored in a protected memory area (156) of a memory (154) of the first computer system (152),
    wherein the first virtual document (204) is read out using the master password.
  3. Method according to claim 1, wherein the method further comprises:
    receiving a password (108) for reading out the first virtual document (204), wherein the first virtual document (204) is read out using the received password (108).
  4. Method according to claim 3, wherein receiving the password (108) comprises:
    scanning the password (108), which is displayed on a second display (120) of the mobile second computer system (102), with a scanner (172) of the first computer system (102).
  5. Method according to claim 4, wherein the received password (108) is displayed on the second display (120) as a graphic code.
  6. Method according to one of claims 3 to 5, wherein the received password (108) is encrypted with a public cryptographic key (160) of an asymmetric key pair assigned to the first computer system (152), wherein the method further comprises:
    decrypting the received password (108) using a private cryptographic key (158) of the asymmetric key pair.
  7. Method according to one of the preceding claims, wherein the method further comprises:
    receiving a memory ID of the second database (212), wherein the memory ID identifies the entry of the second database (212) in which the first identifier (214) is stored, and wherein the identification of the database entry of the second database (212) in which the first identifier (214) is stored takes place using the memory ID.
  8. Method according to one of the preceding claims, wherein the cryptographically secured second database is a blockchain (212) and the first identifier (214) is stored as a transaction in a block of the blockchain.
  9. Method according to claim 8, wherein the memory ID is a transaction ID of the transaction which comprises the first identifier (214), and/or
    wherein a copy of the blockchain is stored in the memory (154) of the first computer system (152).
  10. Method according to one of the preceding claims, wherein the communication interface (176) is configured to communicate with the mobile second computer system (102) using a Bluetooth® standard, and/or
    wherein the second identifier (111) is the Bluetooth® address of the second computer system (102).
  11. Method according to one of the preceding claims, wherein the first identifier (214) stored in the second database (212) is signed with a private cryptographic key of an asymmetric key pair assigned to an ID provider,
    wherein the method further comprises:
    checking, by the first computer system (152), the signature of the first identifier (214) stored in the identified database entry using a public cryptographic key of the asymmetric key pair assigned to the ID provider.
  12. Method according to claim 11, wherein the second database (212) further comprises the public cryptographic key of the ID provider.
  13. Method according to claim 12, wherein the database entry of the second database (212) further comprises the public cryptographic key of the ID provider.
  14. Method according to one of the preceding claims, wherein the first virtual document (204) is a virtual identification document, and/or
    wherein the database entry of the second database (212) in which the first identifier (214) is stored comprises an expiration date which defines an end of the validity of the first pairing, and/or
    wherein the method further comprises:
    checking whether the second database (212) additionally comprises a lock entry which identifies the first identifier (214) as locked,
    rejecting the first virtual document (204) as invalid if a lock entry is found.
  15. First computer system (152) for providing and checking the validity of a first virtual document (204), wherein the first virtual document (204) is provided to the first computer system (152) by means of a mobile second computer system (102),
    wherein the first virtual document (204) is stored in a first database (202) of a third computer system (200), wherein a plurality of virtual documents (204) is stored in the first database (202),
    wherein the first computer system (152) comprises a first communication interface (176) for contactless communication with the mobile second computer system (102) and for communication with the third computer system (200) via a network (220), wherein the first computer system (152) further comprises a first display (174) for displaying the first virtual document (204),
    wherein the first computer system (152) has access to a cryptographically secured second database (212), which comprises identifiers for pairings of computer systems and the virtual documents of the first database (202), wherein the identifiers of the second database (212) comprise a first identifier (214) of a first pairing of the mobile second computer system (102) and the first virtual document (204),
    wherein the first computer system (152) is configured to carry out a method according to one of claims 1 to 14.
EP17783831.5A 2016-10-21 2017-10-11 Providing and checking the validity of a virtual document Active EP3529736B1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102016220656.7A DE102016220656A1 (de) 2016-10-21 2016-10-21 Providing and checking the validity of a virtual document
PCT/EP2017/075940 WO2018073071A1 (fr) 2016-10-21 2017-10-11 Providing and checking the validity of a virtual document

Publications (2)

Publication Number Publication Date
EP3529736A1 EP3529736A1 (fr) 2019-08-28
EP3529736B1 true EP3529736B1 (fr) 2020-12-16

Family

ID=60083311

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17783831.5A Active EP3529736B1 (fr) 2016-10-21 2017-10-11 Providing and checking the validity of a virtual document

Country Status (4)

Country Link
US (1) US11151260B2 (fr)
EP (1) EP3529736B1 (fr)
DE (1) DE102016220656A1 (fr)
WO (1) WO2018073071A1 (fr)

Also Published As

Publication number Publication date
EP3529736A1 (fr) 2019-08-28
DE102016220656A1 (de) 2018-04-26
US20190205547A1 (en) 2019-07-04
US11151260B2 (en) 2021-10-19
WO2018073071A1 (fr) 2018-04-26

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190521

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 502017008718

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: G06F0021620000

Ipc: G06F0021640000

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20200717

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 21/64 20130101AFI20200707BHEP

Ipc: H04L 9/32 20060101ALI20200707BHEP

Ipc: G06Q 20/40 20120101ALI20200707BHEP

Ipc: G07F 7/10 20060101ALI20200707BHEP

Ipc: G06F 21/62 20130101ALI20200707BHEP

Ipc: G06Q 50/18 20120101ALI20200707BHEP

Ipc: G07F 7/12 20060101ALI20200707BHEP

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

Free format text: LANGUAGE OF EP DOCUMENT: GERMAN

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 502017008718

Country of ref document: DE

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 1346249

Country of ref document: AT

Kind code of ref document: T

Effective date: 20210115

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210316

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210317

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20201216

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210316

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG9D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210416

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 502017008718

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210416

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

26N No opposition filed

Effective date: 20210917

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210416

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20211031

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20211011

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20211031

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20211031

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20211031

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20211011

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230526

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20171011

REG Reference to a national code

Ref country code: AT

Ref legal event code: MM01

Ref document number: 1346249

Country of ref document: AT

Kind code of ref document: T

Effective date: 20221011

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20221011

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20201216

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20251020

Year of fee payment: 9

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20251024

Year of fee payment: 9

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20251024

Year of fee payment: 9